big restructure

This commit is contained in:
2026-02-11 19:28:12 +01:00
parent cd59ccd99b
commit 3eb9cc0ac4
209 changed files with 5101 additions and 2459 deletions

View File

@@ -0,0 +1,164 @@
<?php
namespace MintyPHP\Service\Auth;
use MintyPHP\Auth;
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Service\User\UserService;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Auth\RememberMeService;
use MintyPHP\Service\Auth\EmailVerificationService;
use MintyPHP\Repository\User\UserRepository;
class AuthService
{
public static function login(string $email, string $password): array
{
$email = trim($email);
// Check if email is verified before attempting login
$existingUser = UserRepository::findByEmail($email);
if ($existingUser && empty($existingUser['email_verified_at'])) {
return [
'ok' => false,
'message' => 'Please verify your email first',
'flash_key' => 'login_not_verified',
'needs_verification' => true,
'email' => $email,
];
}
$user = Auth::login($email, $password);
if (!$user) {
return [
'ok' => false,
'message' => 'Email/password not valid',
'flash_key' => 'login_invalid',
];
}
if (!($_SESSION['user']['active'] ?? 1)) {
Auth::logout();
return [
'ok' => false,
'message' => 'Account is inactive',
'flash_key' => 'login_inactive',
];
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
if ($userId > 0) {
PermissionService::getUserPermissions($userId, true);
self::loadTenantDataIntoSession($userId);
if (!empty($_SESSION['no_active_tenant'])) {
Auth::logout();
return [
'ok' => false,
'message' => 'No active tenant assigned',
'flash_key' => 'login_no_active_tenant',
];
}
UserRepository::updateLastLogin($userId);
}
return ['ok' => true];
}
public static function loginAndRedirect(
string $email,
string $password,
string $successTarget = 'admin',
string $failTarget = 'login',
bool $remember = false
): void {
$result = self::login($email, $password);
if (!($result['ok'] ?? false)) {
// Check if user needs to verify email
if (!empty($result['needs_verification'])) {
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
Router::redirect('verify-email');
}
$message = $result['message'] ?? 'Email/password not valid';
$key = $result['flash_key'] ?? 'login_invalid';
Flash::error($message, $failTarget, $key);
Router::redirect($failTarget);
}
if ($remember) {
$userId = (int) ($_SESSION['user']['id'] ?? 0);
if ($userId > 0) {
RememberMeService::rememberUser($userId);
}
}
Router::redirect($successTarget);
}
public static function register(array $data): array
{
$email = trim((string) ($data['email'] ?? ''));
$result = UserService::register($data);
if (!($result['ok'] ?? false)) {
return $result;
}
// Get the created user to send verification email
$createdUser = UserRepository::findByEmail($email);
if ($createdUser && isset($createdUser['id'])) {
$userId = (int) $createdUser['id'];
EmailVerificationService::sendVerification($userId);
}
// Don't login - user needs to verify email first
return ['ok' => true, 'email' => $email, 'needs_verification' => true];
}
public static function logout(): void
{
RememberMeService::forgetCurrentUser();
Auth::logout();
}
public static function logoutAndRedirect(string $target = 'login'): void
{
RememberMeService::forgetCurrentUser();
Auth::logout();
Router::redirect($target);
}
public static function loadTenantDataIntoSession(int $userId): void
{
if ($userId <= 0) {
return;
}
// Load available tenants first
$availableTenants = UserService::getAvailableTenants($userId);
$_SESSION['available_tenants'] = $availableTenants;
$_SESSION['available_departments_by_tenant'] = UserService::getAvailableDepartmentsByTenant($userId);
$hasTenantAdminAccess = PermissionService::userHas($userId, PermissionService::TENANTS_UPDATE)
|| PermissionService::userHas($userId, PermissionService::SETTINGS_UPDATE);
if (!$availableTenants && !$hasTenantAdminAccess) {
$_SESSION['no_active_tenant'] = true;
unset($_SESSION['current_tenant']);
return;
}
$_SESSION['no_active_tenant'] = false;
// Load current tenant (with fallback to first available)
$currentTenant = UserService::getCurrentTenant($userId);
if (!$currentTenant && !empty($availableTenants)) {
// Fallback: use first available tenant
$currentTenant = $availableTenants[0];
}
if ($currentTenant) {
$_SESSION['current_tenant'] = $currentTenant;
}
}
}